On 27.07.2011 23:00, Jesse Keating wrote:
> On 7/27/11 1:09 PM, Reindl Harald wrote:
>> Depends on the PATH-Order
>>
>> if something is intended to be first in PATH and any attacker is able
>> to write there his "ls" would win against "/bin/ls"
>
> So, the attacker can write a compromised ls into .local/bin/, but isn't
> able to modify your .bash_profile ? Seems like a stretch

you are missing important rules of security:

* NOTHING is 100% secure
* make it as difficult as possible for attackers

it is a huge difference if an attacker has only to drop a file somewhere
while bypassing any vulnerable application to be successful or if he
has to edit/overwrite an existing file TOO

mostly he has only ONE successful attempt to do anything, is very limited
in what he can really do and gets no feedback, so if you are vulnerable
with ONE BLIND shot you are wide open compared with a bundle of needed
actions, even if an attacker could do the whole bundle of needed actions
-> if he forgets ANYTHING he will have no access, if only one action
needed you are f**ed

that is how security most of the time works -> not make anything 100%
secure, but make it as difficult as possible!
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
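
The PATH-order concern discussed in this message can be checked on a given system. The following is an added example, not part of the original post: the function name `path_shadow_audit` is hypothetical, and it reports every command in a user-writable PATH directory that wins over a same-named executable later in the search order.

```shell
#!/bin/sh
# Added example: audit a PATH string for command shadowing.
# Usage:  path_shadow_audit "$PATH"
# Output: one line per finding, "<winning file> shadows <later file>"
path_shadow_audit() {
    remaining="$1:"              # sentinel ':' so the last entry is processed
    while [ -n "$remaining" ]; do
        dir=${remaining%%:*}     # first entry of what is left
        remaining=${remaining#*:}
        # An empty PATH entry means the current directory
        [ -z "$dir" ] && dir=.
        # Only directories the current user can write to are of interest
        { [ -d "$dir" ] && [ -w "$dir" ]; } || continue
        for f in "$dir"/*; do
            { [ -f "$f" ] && [ -x "$f" ]; } || continue
            name=${f##*/}
            # Search the later entries for an executable of the same name
            rest=$remaining
            while [ -n "$rest" ]; do
                later=${rest%%:*}
                rest=${rest#*:}
                [ -z "$later" ] && later=.
                if [ -f "$later/$name" ] && [ -x "$later/$name" ]; then
                    printf '%s shadows %s\n' "$f" "$later/$name"
                    break
                fi
            done
        done
    done
    return 0
}
```

Run as root, every directory counts as writable, so the audit is most informative when run as the unprivileged user whose PATH is being examined.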